Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #50691
| Path | csiph.com!usenet.pasdenom.info!weretis.net!feeder1.news.weretis.net!feeder.erje.net!eu.feeder.erje.net!xlned.com!feeder1.xlned.com!news2.euro.net!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail |
|---|---|
| Return-Path | <burak.arslan@arskom.com.tr> |
| X-Original-To | python-list@python.org |
| Delivered-To | python-list@mail.python.org |
| X-Spam-Status | OK 0.000 |
| X-Spam-Evidence | '*H*': 1.00; '*S*': 0.00; 'subject:Python': 0.06; 'column': 0.07; 'json': 0.07; 'socket': 0.07; 'bytes,': 0.09; 'data:': 0.09; 'http': 0.09; 'parsing': 0.09; 'valueerror:': 0.09; 'itself.': 0.14; '(char': 0.16; '16)': 0.16; 'burak': 0.16; 'fetch': 0.16; 'fits': 0.16; 'from:addr:arskom.com.tr': 0.16; 'from:addr:burak.arslan': 0.16; 'from:name:burak arslan': 0.16; 'json,': 0.16; 'json.scanner': 0.16; 'json:': 0.16; 'message- id:@arskom.com.tr': 0.16; 'one)': 0.16; 'received:arskomhosting.com': 0.16; 'streams.': 0.16; 'stringio': 0.16; 'subject:object': 0.16; 'subject:security': 0.16; 'tcp': 0.16; 'unsafe': 0.16; "{'a':": 0.16; 'do,': 0.16; 'wrote:': 0.18; 'library': 0.18; 'bit': 0.19; 'module': 0.19; 'mechanism': 0.19; "python's": 0.19; 'restrictions': 0.19; 'meant': 0.20; 'seems': 0.21; '>>>': 0.22; 'import': 0.22; 'separate': 0.22; 'print': 0.22; 'load': 0.23; 'header:User-Agent:1': 0.23; 'mind.': 0.24; 'parse': 0.24; 'question': 0.24; 'skip:" 30': 0.26; 'skip:" 40': 0.26; 'skip:_ 20': 0.27; 'header:In-Reply-To:1': 0.27; 'rest': 0.29; 'chris': 0.29; 'raise': 0.29; 'xml': 0.29; '???': 0.30; 'document.': 0.30; '"",': 0.31; 'doc': 0.31; 'end,': 0.31; 'loads': 0.31; 'ordinary': 0.31; 'file': 0.32; 'probably': 0.32; 'quite': 0.32; '(most': 0.33; 'limitation': 0.33; 'skip:s 30': 0.35; 'but': 0.35; 'there': 0.35; 'skip:j 20': 0.36; 'easily': 0.37; 'system,': 0.38; 'depends': 0.38; 'e.g.': 0.38; 'whatever': 0.38; 'to:addr:python-list': 0.38; 'recent': 0.39; 'explain': 0.39; 'does': 0.39; "couldn't": 0.39; 'itself': 0.39; 'to:addr:python.org': 0.39; 'enough': 0.39; 'how': 0.40; 'easy': 0.60; 'skip:y 20': 0.60; 'length': 0.61; 'simple': 0.61; 'guarantee': 0.63; 'provide': 0.64; 'side': 0.67; 'parser,': 0.84; 'recover': 0.91 |
| Date | Mon, 15 Jul 2013 16:42:07 +0100 |
| From | Burak Arslan <burak.arslan@arskom.com.tr> |
| User-Agent | Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130711 Thunderbird/17.0.7 |
| MIME-Version | 1.0 |
| To | python-list@python.org |
| Subject | Re: Python - remote object protocols and security |
| References | <CAPTjJmqAEUUrUxaFjAh8qGjBbNuhNp9Nz6RKQDbraOm0kCVJDg@mail.gmail.com> <595253102.8424684.1373892072113.JavaMail.root@sequans.com> <CAPTjJmoP0OHZP+GBjjZxVMwVT0eSXG1azK1NkZov_x4=1jq-xQ@mail.gmail.com> |
| In-Reply-To | <CAPTjJmoP0OHZP+GBjjZxVMwVT0eSXG1azK1NkZov_x4=1jq-xQ@mail.gmail.com> |
| Content-Type | text/plain; charset=UTF-8 |
| Content-Transfer-Encoding | 7bit |
| X-BeenThere | python-list@python.org |
| X-Mailman-Version | 2.1.15 |
| Precedence | list |
| List-Id | General discussion list for the Python programming language <python-list.python.org> |
| List-Unsubscribe | <http://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe> |
| List-Archive | <http://mail.python.org/pipermail/python-list/> |
| List-Post | <mailto:python-list@python.org> |
| List-Help | <mailto:python-list-request@python.org?subject=help> |
| List-Subscribe | <http://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe> |
| Newsgroups | comp.lang.python |
| Message-ID | <mailman.4731.1373902913.3114.python-list@python.org> (permalink) |
| Lines | 72 |
| NNTP-Posting-Host | 2001:888:2000:d::a6 |
| X-Trace | 1373902913 news.xs4all.nl 15888 [2001:888:2000:d::a6]:47968 |
| X-Complaints-To | abuse@xs4all.nl |
| Xref | csiph.com comp.lang.python:50691 |
Show key headers only | View raw
On 07/15/13 13:51, Chris Angelico wrote:
> So the only bit you still need is: How do you transmit this across the
> network? Since it's now all just bytes, that's easy enough to do, eg
> with TCP. But that depends on the rest of your system, and is a quite
> separate question - and quite probably one you already have the answer
> to.
For Json, you need to have a way of delimiting messages -- to my
knowledge, Python's json library does not support parsing streams.
You can send the json document in the body of a Http POST, or a ZeroMQ
message, or in a UDP datagram (if you can guarantee it fits inside one)
or in a simple TCP-based encapsulation mechanism that e.g. prepends the
length of the message to the document.
e.g.
'\x00\x00\x00\x07{"a":1}'
As MessagePack already does this, you can send MessagePack documents via
an ordinary TCP socket and easily recover them on the other side of the
pipe.
>>> import msgpack; from StringIO import StringIO
>>> s = StringIO(msgpack.dumps({"a":1}) + msgpack.dumps({"b":2}))
>>> for doc in msgpack.Unpacker(s):
... print doc
...
{'a': 1}
{'b': 2}
This won't work with Json:
>>> import json; from StringIO import StringIO
>>> s = StringIO(json.dumps({"a":1}) + json.dumps({"b":2}))
>>> for doc in json.load(s): # or whatever ???
... print doc
...
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib64/python2.7/json/__init__.py", line 290, in load
**kw)
File "/usr/lib64/python2.7/json/__init__.py", line 338, in loads
return _default_decoder.decode(s)
File "/usr/lib64/python2.7/json/decoder.py", line 368, in decode
raise ValueError(errmsg("Extra data", s, end, len(s)))
ValueError: Extra data: line 1 column 9 - line 1 column 17 (char 8 - 16)
Note that this is a limitation of python's Json parser, not Json itself.
There seems to be a json.scanner module that *sounds* like it provides
this functionality,
but I couldn't find any documentation about it.
Alternatively, PyYaml can also parse streams. yaml.{dump,load}_all()
provide pickle-like unsafe (de)serialization support and
yaml.safe_{dump,load}_all provide msgpack-like safe-but-limited stream
parsing support.
also;
On 07/15/13 13:57, Chris Angelico wrote:
> But what I meant was that the [Json] protocol itself is designed with
> security restrictions in mind. It's designed not to fetch additional
> content from the network (as XML can),
Can you explain how parsing XML can fetch data from the network?
Best,
Burak
Back to comp.lang.python | Previous | Next | Find similar | Unroll thread
Re: Python - remote object protocols and security Burak Arslan <burak.arslan@arskom.com.tr> - 2013-07-15 16:42 +0100
csiph-web